GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
295 advisories
Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal...
High
Unreviewed
CVE-2022-38211 was published Dec 29, 2022
Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An...
High
Unreviewed
CVE-2022-45429 was published Dec 27, 2022
An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access...
High
Unreviewed
CVE-2022-41412 was published Nov 30, 2022
Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerability in Better Messages plugin 1...
High
Unreviewed
CVE-2022-41609 was published Nov 19, 2022
kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the...
High
Unreviewed
CVE-2022-43140 was published Nov 17, 2022
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). An...
High
Unreviewed
CVE-2022-42894 was published Nov 17, 2022
A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application...
High
Unreviewed
CVE-2022-20958 was published Nov 4, 2022
The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up...
High
Unreviewed
CVE-2022-3708 was published Oct 29, 2022
A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could...
High
Unreviewed
CVE-2022-36451 was published Oct 25, 2022
Microsoft Exchange Server Elevation of Privilege Vulnerability.
High
Unreviewed
CVE-2022-41040 was published Oct 4, 2022
The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation...
High
Unreviewed
CVE-2022-2352 was published Sep 27, 2022
The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS...
High
Unreviewed
CVE-2022-30579 was published Sep 21, 2022
A Server-Side Request Forgery (SSRF) in fetch_net_file_upload function of baijiacmsV4 v4.1.4...
High
Unreviewed
CVE-2022-38931 was published Sep 21, 2022
Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side...
High
Unreviewed
CVE-2022-38298 was published Sep 13, 2022
The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and...
High
Unreviewed
CVE-2022-2633 was published Sep 7, 2022
An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite ...
High
Unreviewed
CVE-2022-37041 was published Aug 13, 2022
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4...
High
Unreviewed
CVE-2022-31776 was published Aug 2, 2022
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor...
High
Unreviewed
CVE-2022-22982 was published Jul 14, 2022
With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the...
High
Unreviewed
CVE-2022-2339 was published Jul 8, 2022
The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not...
High
Unreviewed
CVE-2022-1977 was published Jun 28, 2022
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host...
High
Unreviewed
CVE-2022-27780 was published Jun 3, 2022
The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within...
High
Unreviewed
CVE-2021-40186 was published Jun 3, 2022
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio...
High
Unreviewed
CVE-2022-1815 was published May 26, 2022
mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery.
High
Unreviewed
CVE-2022-29309 was published May 25, 2022
The LikeBtn WordPress Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.32 was...
High
Unreviewed
CVE-2021-24150 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.